A recent ransomware attack on Shingle Springs Health and Wellness Center (SSHWC) located in Placerville, CA resulted to the potential compromise of the protected health information (PHI) of 21,513 patients.

SSHWC found out on April 7, 2019 about the compromise of its server infrastructure and the deployment of ransomware. Because of the attack, its entire computer systems became inoperable. Patient data and important files were not accessible.

SSHWC immediately investigated the incident and reported the cyberattack to the the Indian Health Service and the Federal Bureau of Investigation. SSHWC already set up new servers and is quickly working on system upgrades as well as workstation improvements throughout all departments.

The motivation behind the ransomware attack is likely to extort cash from SSHWC; nonetheless, there were files that contain PHI involved in the incident and may have been compromised. The information in the files included names, addresses, phone numbers, health insurance details, names of provider, dates of service, sum paid or payable, diagnosis codes and Social Security numbers. SSHWC offered to all impacted patients free credit monitoring services for 12 months.

This breach is the third serious healthcare ransomware attack reported in the last few days. Estes Park Health had a ransomware attack on June 2, 2019, which also made the computer systems and patient information inaccessible. The provider paid an undisclosed amount of ransom to get the decryption keys, but certain files stayed locked. Additional ransom was paid to the attackers to unlock the other files.

N.E.O Urology in Boardman, OH also recently reported a ransomware attack. The entity paid a $75,000 ransom to recover all encrypted files.

These three ransomware attacks are just a few of the incidents reported by healthcare companies in the last two months. A recent Malwarebytes report states that ransomware attacks is becoming popular again with hackers. In quarter 1 of 2019, there was a 195% increase in ransomware attacks, mostly targeting healthcare organizations.